Self-spreading GlassWorm malware hits OpenVSX, VS Code registries

A new and ongoing supply-chain attack is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces with ...
CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
heise online

Remote access Trojan found in npm package with 40,000 weekly downloads

Compromised variants of the "rand-user-agent" package have surfaced on npm, which had a remote access Trojan on board. Although the random user agent is marked as obsolete, it is still downloaded a ...